From da2d5986b99e3a2045f25b0d16902deae0586aef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joakim=20Frosteg=C3=A5rd?= Date: Mon, 11 May 2020 16:07:51 +0200 Subject: [PATCH] aquatic_ws: check for "fake" peer_id's in announce requests --- TODO.md | 2 -- aquatic_ws/src/lib/handler.rs | 12 +++++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/TODO.md b/TODO.md index f50dead..3b86386 100644 --- a/TODO.md +++ b/TODO.md @@ -7,8 +7,6 @@ * test * torrent state cleaning * config -* use src as field in addition to peer_id in peer map, since peers have - access to others' peer id's ## aquatic * mio: set oneshot for epoll and kqueue? otherwise, stop reregistering? diff --git a/aquatic_ws/src/lib/handler.rs b/aquatic_ws/src/lib/handler.rs index c01b131..220d618 100644 --- a/aquatic_ws/src/lib/handler.rs +++ b/aquatic_ws/src/lib/handler.rs @@ -92,6 +92,16 @@ pub fn handle_announce_requests( let torrent_data = torrents.entry(info_hash.clone()) .or_default(); + // If there is already a peer with this peer_id, check that socket + // addr is same as that of request sender. Otherwise, ignore request. + // Since peers have access to each others peer_id's, they could send + // requests using them, causing all sorts of issues. + if let Some(previous_peer) = torrent_data.peers.get(&peer_id){ + if sender_meta.peer_socket_addr != previous_peer.connection_meta.peer_socket_addr { + continue; + } + } + // FIXME: correct to only update when bytes_left is Some? if let Some(bytes_left) = request.bytes_left { let peer_status = PeerStatus::from_event_and_bytes_left( @@ -104,7 +114,7 @@ pub fn handle_announce_requests( status: peer_status, valid_until, }; - + let opt_removed_peer = match peer_status { PeerStatus::Leeching => { torrent_data.num_leechers += 1;